J2ME (Java 2, Micro Edition) is a Java release that is geared towards various embedded computing platforms and mobile devices such as phones, PDAs, etc. Virtual machines for J2ME are implemented through the CLDC (Connected Limited Device Configurations) and Connected Device Configuration (CDC) components. One such virtual machine for the CLDC is the K Virtual Machine (KVM). A presentation has been released detailing multiple vulnerabilities that potentially affect various devices running J2ME (Java 2, Micro Edition). These issues could be exploited by a malicious midlet to circumvent security measures of a device and take unauthorized actions. The core issues appear to exist in the J2ME implementation itself but some devices hosting the J2ME may be more or less affected. These issues exist in the bytecode verifier and may generally be exploited to gain to circumvent Java type safety and also gain unauthorized read/write access to device memory. A comprehensive list of affected...
J2ME (Java 2, Micro Edition) is a Java release that is geared towards various embedded computing platforms and mobile devices such as phones, PDAs, etc. Virtual machines for J2ME are implemented through the CLDC (Connected Limited Device Configurations) and Connected Device Configuration (CDC) components. One such virtual machine for the CLDC is the K Virtual Machine (KVM). A presentation has been released detailing multiple vulnerabilities that potentially affect various devices running J2ME (Java 2, Micro Edition). These issues could be exploited by a malicious midlet to circumvent security measures of a device and take unauthorized actions. The core issues appear to exist in the J2ME implementation itself but some devices hosting the J2ME may be more or less affected. These issues exist in the bytecode verifier and may generally be exploited to gain to circumvent Java type safety and also gain unauthorized read/write access to device memory. A comprehensive list of affected devices is not available at this time. The researchers who discovered these issues will be releasing a research paper at a later date that will describe these issues in further detail. It is expected that a list of affected devices will be included in this paper.
